Vulnerabilities (CVE)

Vendor filter

Netapp Subscribe

Filter

33 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5507 1 Netapp 1 Snapmanager 2019-10-15 2.1
SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
CVE-2018-1842 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-10-09 3.3
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.
CVE-2017-3138 3 Isc, Netapp, Debian 5 Bind, Data Ontap Edge, Element Software and 2 more 2019-10-09 3.5
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has...
CVE-2016-8612 3 Apache, Redhat, Netapp 3 Http Server, Enterprise Linux, Storage Automation Store 2019-10-09 3.3
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2017-1779 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-10-03 2.1
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
CVE-2018-16888 3 Freedesktop, Netapp, Redhat 4 Systemd, Active Iq Performance Analytics Services, Element Software and 1 more 2019-10-03 1.9
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to...
CVE-2018-5736 2 Isc, Netapp 3 Bind, Cloud Backup, Data Ontap Edge 2019-10-03 3.5
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by...
CVE-2018-3062 3 Oracle, Netapp, Canonical 6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more 2019-10-03 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low...
CVE-2018-3074 2 Oracle, Netapp 5 Mysql, Oncommand Insight, Oncommand Workflow Automation and 2 more 2019-10-03 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access...
CVE-2018-3084 2 Oracle, Netapp 5 Mysql, Oncommand Insight, Oncommand Workflow Automation and 2 more 2019-10-03 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the...
CVE-2018-7170 4 Ntp, Synology, Slackware and 1 more 9 Ntp, Diskstation Manager, Router Manager and 6 more 2019-10-03 3.5
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via...
CVE-2018-3283 3 Oracle, Netapp, Canonical 6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more 2019-10-03 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with...
CVE-2018-3284 3 Oracle, Netapp, Canonical 6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more 2019-10-03 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...
CVE-2018-20685 7 Openbsd, Netapp, Winscp and 4 more 11 Openssh, Cloud Backup, Element Software and 8 more 2019-10-03 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-3174 4 Oracle, Netapp, Canonical and 1 more 7 Mysql, Oncommand Insight, Oncommand Workflow Automation and 4 more 2019-10-03 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability...
CVE-2017-1783 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-10-03 2.1
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.
CVE-2017-1784 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-09-30 2.1
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.
CVE-2018-19985 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 1 more 2019-09-03 2.1
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows...
CVE-2018-10545 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 1.9
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing...
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...